[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]

+

−

+

==Description==

==Description==

Line 24:

Line 18:

'''Exposure period'''

'''Exposure period'''

−

* Implementation: Many logic errors can lead to this condition if multiple data streams have a common beginning sequences.

+

* Implementation: Many logic errors can lead to this condition if multiple data streams have common beginning sequences.

'''Platform'''

'''Platform'''

Line 43:

Line 37:

Medium

Medium

−

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.

+

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it is used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.

−

+

==Risk Factors==

==Risk Factors==

Line 103:

Line 96:

==Related [[Controls]]==

==Related [[Controls]]==

−

* Integrity: It is important to properly initialize CBC operating block ciphers or there use is lost.

+

* Integrity: It is important to properly initialize CBC operating block ciphers or their use is lost.

Latest revision as of 07:53, 27 February 2009

Description

Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.

Consequences

Confidentiality: If the CBC is not properly initialized, data which is encrypted can be compromised and therefore be read.

Integrity: If the CBC is not properly initialized, encrypted data could be tampered with in transfer or if it accessible.

Accountability: Cryptographic based authentication systems could be defeated.

Exposure period

Implementation: Many logic errors can lead to this condition if multiple data streams have common beginning sequences.

Platform

Languages: Any

Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

Medium

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it is used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.

Risk Factors

Talk about the factors that make this vulnerability likely or unlikely to actually happen

Discuss the technical impact of a successful exploit of this vulnerability